Policies

Policy Statement: We are committed to creating a work environment free from racial discrimination, harassment and other forms of discrimination at work and among our staff, suppliers and vendors.

Guidelines

• The People and Change Manager, one other Manager, and one Employee form a steering committee called the ‘Anti-Discrimination Committee’. The Anti-Discrimination Committee is responsible for communicating and managing this policy.
• The Anti-Discrimination Committee decides on what constitutes acceptable standards of behaviour in the Company.
• The Anti-Discrimination Committee deals with complaints about racial discrimination, harassment and other forms of discrimination.
• Racial Discrimination is behaviour which disadvantages people on the basis of their real (or supposed) race, colour, nationality, descent or ethnic or ethno-religious or national origin.
• The Anti-Discrimination Committee will educate and refresh staff knowledge on this policy from time to time.
• All staff, vendors and suppliers must be made aware of this policy.

Procedure

Origin8 discourages racial discrimination and other forms of discrimination and works through the Anti-Discrimination Committee to address these through the following steps:

Step 1: Any staff, vendor or supplier who is discriminated against must inform the Anti-Discrimination Committee in writing.

Step 2: The Committee shall investigate the complaint sensitively within 8 working days and make a recommendation to Management.

Step 3: Management would implement the recommendation or review the recommendation and implement it.

Step 4: The complainant shall be informed of the measures taken by the company to rectify the discrimination in writing. An aggrieved person who is not satisfied with the recommendation of the Committee may petition the Country Head in writing within 5 working days.

Step 5: If the complainant is not satisfied with the outcome of the investigation, he or she shall petition the Country Head within five (5) working days.

Step 6: The Country Head would communicate a decision on the petition to the Complainant within seven (7) working days.

Introduction

A Business Continuity Management System (BCMS) is a framework that Origin8 Limited implements to ensure the continuous operation of business activities in the face of disruptions or disasters. It is a systematic approach to identify, assess and manage potential threats to the business operations, allowing the company to minimize downtime and quickly recover from disruptive events.

Objectives & Importance Of BCMS

• The primary objective of BCMS is to ensure the continued operation of critical business functions during and after a disruptive incident that could happen to the company.
• It helps us identify potential risks and vulnerabilities that could impact the company’s operations and find ways to mitigate them when it happens.
• It ensures compliance with relevant laws, regulations and contractual agreements. Many industries require organizations to have business continuity systems in place before engaging them.
• It enhances stakeholder confidence by assuring clients, employees and partners that the company is well-prepared to handle disruptions and can continue providing products and services reliably.
• BCMS helps minimize financial losses by reducing downtime, enabling prompt recovery and ensuring the continuity of revenue-generating activities.
• It protects our relationship with clients and safeguard our brand reputation.

Triggers For Activating BCMS

Business continuity management (BCM) will be triggered in various situations where there are potential and actual disruptions to the company’s operations.

• Events such as earthquakes, hurricanes, floods, wildfires and severe storms that pose a significant threat to the company’s facilities, infrastructure and personnel.
• System failures, power outages, network disruptions, cyberattacks, data breaches and IT infrastructure issues that impact the company’s ability to conduct business operations and deliver services.
• Pandemics, health emergencies, outbreaks of infectious diseases and public health emergencies that pose a risk to employee health and safety or result in government-imposed restrictions on business activities.
• Disruptions in the supply chain due to supplier failures, transportation issues or trade disruptions that impact the availability of essential resources and materials.
• Security incidents, including terrorist attacks, civil unrest and acts of violence, that jeopardize the safety and security of the company’s personnel and facilities.
• Major Industrial accidents, fires explosions and other incidents that pose risks to employee safety, environmental damage and facility shutdowns.
• Significant business interruptions that impact the organization’s ability to deliver products and services, generate revenue and maintain customer satisfaction.

Risk Assessment

There are some potential risks and challenges that can disrupt our business operations as a marketing communications organization.

• The loss of a major client or a significant reduction in advertising budgets can impact the financial stability of the agency and its ability to sustain operations.
• Market and industry volatility, economic downturns, shifts in market trends or emerging technologies can significantly impact marketing and advertising spending and client demand.
• The emergence of new agencies, the loss of key accounts to competitors, or aggressive pricing strategies can pose risks to Origin8 Limited market position and revenue streams.
• High employee turnover, difficulties in attracting skilled professionals, or talent gaps in emerging areas can impact the company’s ability to deliver high-quality campaigns and services.
• Origin8 Limited as a marketing communications agency handles vast amounts of sensitive data, including client information and campaign performance metrics. The risk of data breaches, unauthorized access, or non-compliance with data privacy regulations poses reputational and legal risks.
• The company often relies on external vendors for services such as media buying, printing and production. Any disruptions or issues with these vendors can affect campaign execution and deliverables.
• Events like natural disasters, fires, or power outages can damage physical infrastructure, disrupt operations and lead to data loss or system downtime.
• In the age of social media and instant communication, negative publicity, public backlash, or a high-profile campaign failure can significantly impact our reputation and client relationships.

Business Continuity Plan and Strategies

Implementing effective business continuity management plan and strategies are crucial to ensure uninterrupted operations and minimize the impact of disruptions.

• The People and Change Manager and other Senior Managements conducted a comprehensive Business Impact Analysis (BIA) to identify and minimize the impact of disruptions on our critical operations.
• We have implemented redundancy and backup systems for critical infrastructure, such as servers, databases, network connections and communication systems. Also, client information, creative assets, campaign data and financial records.
• We have identified alternate work locations, such as backup offices or co-working spaces, where employees can work in case the primary office becomes inaccessible. Also, we have established remote work policies and provide employees with the necessary tools and resources to work from home or other remote locations. d. We have implemented reliable communication and collaboration systems to facilitate remote communication and collaboration among team members, clients and stakeholders.
• We evaluate critical vendors and suppliers and establish contingency plans in case they experience disruptions. Also, we maintain good relationships with backup service providers and vendors.
• We have developed a detailed incident response plan that outlines roles, responsibilities and escalation procedures during a crisis.
• We have done regular training and awareness programs to educate employees about business continuity measures, emergency procedures and their responsibilities during disruptions.

Recovery Procedures

Recovery procedures are an essential part of business continuity management and are designed to guide organizations in recovering their operations and restoring critical functions following a disruptive event.

• Immediately activate the incident response plan that outlines the steps to be taken during a disruptive event. This plan should identify key personnel, their roles and responsibilities, and communication protocols to ensure a coordinated response.
• Assess and provide the necessary support, safety and security of employees, clients and stakeholders in the aftermath of the incident.
• Set up a central command centre or a dedicated recovery site where decision-making and coordination of recovery efforts can take place. This centre will have the necessary infrastructure, technology, and communication systems to support recovery operations.
• Establish effective communication channels to keep employees, clients, suppliers and other stakeholders informed about the situation, recovery progress and any changes in operations.
• Restore and recover critical IT systems, including servers, databases and network infrastructure. Implement data recovery procedures to ensure the availability of essential business data.
• Assess the damage to physical infrastructure and facilities and initiate necessary repairs or relocation efforts. This may include repairing office spaces, equipment and restoring utilities such as power, water, and internet connectivity.
• Conduct a thorough review and analysis of the incident and the organization’s response to identify areas for improvement.

Testing and Maintenance

Testing and maintenance are critiCaI components of business continuity management to ensure that plans, procedures and systems are effective and up to date.

• Conduct a simulated, interactive and comprehensive exercises to test the effectiveness of plans and procedures, the coordination and response capabilities of the BCM program and the activation of the entire BCM program.
• Review business continuity plans, procedures and documentation on a scheduled basis, incorporate lessons learned from actual incidents, exercises and post-event reviews and seek management approval for plan updates, ensuring that key stakeholders are involved in the review process and sign off on the revised plans. c. Regularly maintain IT systems, equipment and infrastructure. Also, regularly test the backup and restoration procedures for critical data and systems to verify the integrity of backups and the ability to recover data in a timely manner.
• Provide ongoing training and awareness programs to employees regarding their roles and responsibilities in the event Of a disruption and validate their understanding of the BCM procedures and protocols.
• Test communication systems and channels such as emergency notification systems, to ensure their effectiveness in disseminating information to employees, clients and stakeholders during an incident. Ensure that all relevant BCM documentation, including plans, procedures, contact lists and recovery instructions, are kept up to date and easily accessible and readily available to key personnel.

Plan Review and Approval

Plan review and approval are crucial steps in the business continuity management (BCM) process to ensure that plans and procedures are comprehensive, accurate and aligned with the organization’s objectives.

• Determine the frequency at which business continuity plans and procedures should be reviewed and designate a review committee comprising representatives from relevant departments and teams within the organization for their assessment and feedback. These include Head of Client Relations, Senior IT Manager, Logistics Manager and People and Change Manager.
• Have a review process. That is; review the plans and procedures to ensure they cover all critical functions, processes and resources. Evaluate the plans against industry standards, regulatory requirements, and any internal policies or guidelines to ensure compliance. Identify any gaps, inconsistencies, or weaknesses in the plans that may hinder effective response and recovery. Seek input and feedback from key stakeholders, including department heads, business unit managers, and subject matter experts, to validate the plans and address any specific concerns or requirements.
• Consider the feedback received during the review process and incorporate necessary changes, additions, or revisions into the business continuity plans and procedures. Document all updates and changes made to the plans and seek formal approval from senior management or designated authorities within the organization with sign offs as per organizational policies.
• Once the plans have been reviewed, updated, and approved, distribute the revised versions to all relevant stakeholders, ensuring that they are easily accessible and well-documented. Communicate the changes and updates to employees, making them aware of their roles and responsibilities in implementing the plans. e. Establish a schedule for future plan reviews and set reminders to ensure regular and timely updates. Maintain a tracking mechanism to monitor plan review cycles, track progress, and ensure compliance with regulatory requirements or industry standards.

Policy Number: HRP002/2021

Policy Statement

Origin8 Limited (hereinafter referred to as Origin8) is dedicated to implementing a strong Information Security Management system. It seeks to ensure the appropriate confidentiality, integrity, and availability of its systems and data through proactive actions to ensure that our information, documentation, and data provided by, developed by, and held on behalf of third parties throughout contract work are properly maintained and managed.

The principles outlined in this policy shall be applied to all electronic information assets managed by Origin8.

Guidelines

• This policy applies to all Origin8 staff, assignees and contractors that provide services to Origin8 and is an integral part of the Origin8 Code of Conduct.
• Compliance with this policy is mandatory.
• This policy covers the security of information systems and data networks owned or used by Origin8 as well as the information that is stored, transmitted or processed by those systems.
• Each Origin8 employee is personally responsible for safeguarding the equipment, software, and information in one’s possession. Security is everyone’s responsibility.
• Employees are responsible for the identification of non-public data, which includes company confidential data, client data and personal data. If you do not know or are not sure, ask. Although you cannot touch it, information is an asset, sometimes a priceless asset.
• Resources at employees’ disposal shall be used solely for the benefit of Origin8.
• Do not copy or store Origin8 data on unauthorized external locations (including cloud-based services which are not company-approved services). Contact the Logistics Manager who will liaise with the Snr. Client Relations Manager (IT Support) for the best solution for secured file transfer when this is required.
• If you become aware of a potential or actual Security Incident, you must report the incident as soon as possible by sending an email to the Logistics Manager.
• All Origin8 suppliers will abide by this information security policy.
• Any security breach will be handled in accordance with all relevant company policies and the appropriate disciplinary procedures.

We strongly believe in and implement a three-eye principle to ensure quality at all times; at least, three persons review all works before sending to the Client.

• All works from the Content Creation Department are reviewed and approved by the Head of Content Creation before sharing with the Senior Client Relations Manager.
• The Senior Client Relations Manager reviews the work and sends it to the Head of Client Relations for review and approval.
• All proposals from the Company are reviewed by the Head of Client Relations and sent to the Chief Executive Officer for final review and approval.
• All production works (print, radio, audio-visuals) are reviewed and approved by the Head of Client Relations, Head of Content Creation and the Production Manager, prior to delivery to the Client.

1.0 Purpose

This risk management policy serves to set forth the organization’s strategy for identifying, evaluating, mitigating, and overseeing risks. This policy aims to create a framework that encourages proactive risk management techniques and ensures the safety of the organization’s resources, reputation, and stakeholders’ interests.

2.0 Scope

This policy applies to all employees, contractors, and stakeholders of the organization. It encompasses all areas of the organization’s operations, including but not limited to finance, operations, information technology, human resources, and compliance.

3.0 Risk Management Framework

3.1 Risk Identification

The organization will establish a systematic process to identify and document risks relevant to its operations. This includes conducting risk assessments, soliciting inputs from relevant stakeholders, and analyzing historical data to identify potential risks.

3.2 Risk Assessment

Based on their propensity to occur and potential impact on the organization’s goals, identified risks will be evaluated. In order to prioritize risks and allocate the right resources for mitigation, risk assessments will be carried out using the appropriate qualitative and quantitative methods.

3.3 Risk Mitigation

The organization will develop and implement risk mitigation strategies and controls to reduce the likelihood and impact of identified risks. These strategies will be designed to address risks in a cost-effective manner, considering best practices, legal requirements, and industry standards.

3.4 Risk Monitoring and Review

The organization will establish processes to regularly monitor and review identified risks and the effectiveness of implemented controls. This includes periodic risk assessments, tracking key risk indicators, and conducting audits and evaluations to ensure ongoing compliance with risk management policies and procedures.

4.0 Roles and Responsibilities

4.1 Senior Management

Senior management is responsible for promoting a risk-aware culture, providing adequate resources for risk management activities, and overseeing the implementation of risk management policies and procedures.

4.2 Risk Management Committee

A risk management committee made up of representatives from pertinent departments or functions will be created by the organization. The committee will be in charge of coordinating risk management activities, reviewing risk assessments, and advising senior management on the most effective risk mitigation measures.

4.3 Employees

All employees have a responsibility to identify and report risks promptly to their supervisors or the designated risk management focal point. Employees should actively take part in risk assessments, adhere to established risk mitigation strategies, and help to continuously improve the risk management process.

4.4 Communication and Training

The organization will provide appropriate training and resources to employees to enhance their understanding of risk management principles and practices. Regular communication channels will be established to ensure the dissemination of risk-related information, including updates on risk profiles, mitigation strategies, and lessons learned from past incidents.

5.0 Continuous Improvement

The company is dedicated to enhancing its risk management procedures constantly. The risk management policy and practices will be periodically reviewed in order to take into account new information, address emerging risks, and conform to legal and industry standards.

6.0 Policy Compliance

Non-compliance with this risk management policy may result in disciplinary action, which may include termination of employment or contract. Compliance with this policy is mandatory for all individuals and entities associated with the organization.

This risk management policy is effective from the date of approval and will be reviewed and updated as necessary,